A Short Guide to Hashing in Go
How to hash a string or file
Hashing functions are one of the most important features of modern cryptography. Since I’ve decided to learn Go, why not try to implement a file hash function just for fun?
Note: The version of Go used in this tutorial is 1.13.4.
A hash function is an algorithm that maps an input of variable length into an output of fixed length. The return value of this function is called a hash value, digest, or just hash.
It is used mainly to solve the integrity principle of cryptography. The message can be altered during the communication between a sender and a receiver. A hash function can ensure that the message is not modified.
The main features of a hash function are:
- Fixed-length output: The hash functions receive a message (input) of any size and always produce the same output size.
- Efficiency: It must not be computationally hard to execute.
- Deterministic: The same message will always produce the same hash value.
And to be used in cryptography, it must have the following properties:
- Pre-image resistance: Given a hash value, it should be very difficult to find a message that originated it.
- Second pre-image resistance: Given a message m, it should be very difficult to find another message n that produces the same hash as m.
- Collision resistance: It should be very difficult to find two different messages that produce the same hash.
A hash function is used on many applications around the internet, such as:
- Document integrity: You have surely downloaded a very large file from an FTP site before, for example. And they probably had an indicating hash for it.
- Password storage: Your password is saved not in plain but hashed in the database. At least the good systems do it.
- Unique ID: Since every message must produce the same output and does not have others that generate the same output, you can use the hash to uniquely identify a document or message. This is what the Git uses, for example, to identify each commit.
- Proof-of-work: For a user to execute an action or publish something, they have to prove that they have executed a task. This proof is a warranty that the user spent some time generating an answer that satisfies a condition of the evaluator. This is used in blockchains, for example.
Some popular hash functions include
We need the
crypto package to compute a hash. Here are the available hash functions:
To compute a hash from a string or byte slice, we can use the
Sum function from a given package of the algorithm that we want:
To compute the hash from a file, we need to create the hash value based on its content:
- Create a new
cryptopackage (the algorithm we want to use).
- Add it by writing to its
- Extract the sum by calling the
Read the file content in chunks to avoid using a lot of memory.
Computing a hash value from either a string or a file using Go is simple thanks to the
crypto package available.